These top ten progamming languages have most vulnerable apps on the Internet.

web-apps
A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites.

The app security firm Veracode has released its State of Software Security: Focus on Application Development report (PDF), analyzing more than 200,000 separate applications from October 1, 2013, through March 31, 2015.

A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites.

The app security firm Veracode has released its State of Software Security: Focus on Application Development report (PDF), analyzing more than 200,000 separate applications from October 1, 2013, through March 31, 2015.

PHP, which is on third, is actually leading the ranking because ColdFusion is a high-end niche tool and Classic ASP is almost dead.

Taking a closer look at PHP:

86% of applications written in PHP contained at least one cross-site scripting (XSS) vulnerability.
56% of apps included SQLi (SQL injection), which is one of the dangerous and easy-to-exploit web application vulnerabilities.
67% of apps allowed for directory traversal.
61% of apps allowed for code injection.
58% of apps had problems with credentials management
73% of apps contained cryptographic issues.
50% allowed for information leakage.

From above issues, SQLi and XSS are among the Open Web Application Security Project's (OWASP) Top 10 most critical web application security risks.
And the Title of "Most Vulnerable Programming Language of Year 2015" Goes to…
SQL injection bugs – which allow hackers to directly interact with a Web site's database – are the ones that have been blamed for the massive data breaches at kiddie toymaker VTech and telecom firm TalkTalk.

According to the report, the risk size of the above vulnerabilities can be measured by the volume of PHP apps developed for the Top 3 CMS (Content Management Systems) – WordPress, Drupal and Joomla – that represent over 70% of the CMS market.

Choose Your Scripting Language Wisely

Less than a quarter of Java applications contain SQL injection flaws, compared to more than three-quarters of those applications written in PHP.

"When organizations are starting new development projects and selecting languages and methodologies, the security team has an opportunity to anticipate the types of vulnerabilities that are likely to arise and how best to test for them," Veracode's CTO Chris Wysopal advised.